Bigger than expected

All users have been advised to change their Yahoo passwords if they have never done so since 2014.

The consoling part about this attack is that the stolen information does not affect the sensitive parts – the payment info remains safe while the passwords were encrypted. That’s good. But the whole issue puts Yahoo’s credibility to question, considering the circumstances that led to Yahoo releasing this information.

Why stay all the way from 2014 to finally assess the scale of the hack in 2016? And all this time, why have they left the users in the dark – unprotected?

The firm claims this attack may have been state-sponsored. Is it really so? Such kinds of hacks are usually meant for political benefits but not financial gain. Then why was the information on sale online? Do they have any evidence it was state-sponsored?

David Lee says that “Verizon, which has agreed to buy Yahoo, said it had not been told until a couple of days ago – why not? And why is Marissa Mayer, a chief executive who has presided over bad deals and now the biggest breach in internet history, still in charge?”

In an era where technology controls almost everything, firms ought to understand that disclosure is better.